Package list python-castellan / dfce4df
Merge "Fix retrieving barbican endpoint from service catalog" Jenkins authored 4 years ago Gerrit Code Review committed 4 years ago
7 changed file(s) with 40 addition(s) and 10 deletion(s). Raw diff Collapse all Expand all
2222 class KeystonePassword(password.Password):
2323 """This class represents a keystone password credential."""
2424
25 def __init__(self, password, username=None, user_id=None,
25 def __init__(self, password, auth_url=None, username=None, user_id=None,
2626 user_domain_id=None, user_domain_name=None, trust_id=None,
2727 domain_id=None, domain_name=None, project_id=None,
2828 project_name=None, project_domain_id=None,
2929 project_domain_name=None, reauthenticate=True):
3030 """Create a new Keystone Password Credential.
3131
32 :param string auth_url: Use this endpoint to connect to Keystone.
3233 :param string password: Password for authentication.
3334 :param string username: Username for authentication.
3435 :param string user_id: User ID for authentication.
4546 one is going to expire. (optional) default True
4647 """
4748
49 self._auth_url = auth_url
4850 self._user_id = user_id
4951 self._user_domain_id = user_domain_id
5052 self._user_domain_name = user_domain_name
5961
6062 super(KeystonePassword, self).__init__(username,
6163 password)
64
65 @property
66 def auth_url(self):
67 """This method returns an auth_url."""
68 return self._auth_url
6269
6370 @property
6471 def user_id(self):
2222 class KeystoneToken(token.Token):
2323 """This class represents a keystone token credential."""
2424
25 def __init__(self, token, trust_id=None, domain_id=None, domain_name=None,
26 project_id=None, project_name=None, project_domain_id=None,
27 project_domain_name=None, reauthenticate=True):
25 def __init__(self, token, auth_url=None, trust_id=None, domain_id=None,
26 domain_name=None, project_id=None, project_name=None,
27 project_domain_id=None, project_domain_name=None,
28 reauthenticate=True):
2829 """Create a new Keystone Token Credential.
2930
3031 :param string token: Token for authentication. The type of token
3132 formats accepted are UUID, PKI, and Fernet.
33 :param string auth_url: Use this endpoint to connect to Keystone.
3234 :param string trust_id: Trust ID for trust scoping.
3335 :param string domain_id: Domain ID for domain scoping.
3436 :param string domain_name: Domain name for domain scoping.
4042 one is going to expire. (optional) default True
4143 """
4244
45 self._auth_url = auth_url
4346 self._trust_id = trust_id
4447 self._domain_id = domain_id
4548 self._domain_name = domain_name
5053 self._reauthenticate = reauthenticate
5154
5255 super(KeystoneToken, self).__init__(token)
56
57 @property
58 def auth_url(self):
59 """This method returns an auth_url."""
60 return self._auth_url
5361
5462 @property
5563 def trust_id(self):
5050 "'keystone_password' auth_type."),
5151
5252 # keystone credential opts
53 cfg.StrOpt('auth_url',
54 help="Use this endpoint to connect to Keystone."),
5355 cfg.StrOpt('user_id',
5456 help="User ID for authentication. Optional for "
5557 "'keystone_token' and 'keystone_password' auth_type."),
129131 elif conf.key_manager.auth_type == 'keystone_password':
130132 return keystone_password.KeystonePassword(
131133 conf.key_manager.password,
134 auth_url=conf.key_manager.auth_url,
132135 username=conf.key_manager.username,
133136 user_id=conf.key_manager.user_id,
134137 user_domain_id=conf.key_manager.user_domain_id,
152155
153156 return keystone_token.KeystoneToken(
154157 auth_token,
158 auth_url=conf.key_manager.auth_url,
155159 trust_id=conf.key_manager.trust_id,
156160 domain_id=conf.key_manager.domain_id,
157161 domain_name=conf.key_manager.domain_name,
5454 help='Version of the Barbican API, for example: "v1"'),
5555 cfg.StrOpt('auth_endpoint',
5656 default='http://localhost/identity/v3',
57 deprecated_name='auth_url',
58 deprecated_group='key_manager',
5759 help='Use this endpoint to connect to Keystone'),
5860 cfg.IntOpt('retry_delay',
5961 default=1,
122124 endpoint=self._barbican_endpoint)
123125 self._current_context = context
124126
127 # TODO(pbourke): more fine grained exception handling - we are eating
128 # tracebacks here
125129 except Exception as e:
126130 LOG.error("Error creating Barbican client: %s", e)
127131 raise exception.KeyManagerError(reason=e)
133137 return self._barbican_client
134138
135139 def _get_keystone_auth(self, context):
136 auth_url = self.conf.barbican.auth_endpoint
137
138140 if context.__class__.__name__ is 'KeystonePassword':
139141 return identity.Password(
140 auth_url=auth_url,
142 auth_url=context.auth_url,
141143 username=context.username,
142144 password=context.password,
143145 user_id=context.user_id,
153155 reauthenticate=context.reauthenticate)
154156 elif context.__class__.__name__ is 'KeystoneToken':
155157 return identity.Token(
156 auth_url=auth_url,
158 auth_url=context.auth_url,
157159 token=context.token,
158160 trust_id=context.trust_id,
159161 domain_id=context.domain_id,
167169 # projects begin to use utils.credential_factory
168170 elif context.__class__.__name__ is 'RequestContext':
169171 return identity.Token(
170 auth_url=auth_url,
172 auth_url=self.conf.barbican.auth_endpoint,
171173 token=context.auth_token,
172174 project_id=context.tenant)
173175 else:
128128 base.BaseTestCase):
129129
130130 def get_context(self):
131 auth_url = CONF.identity.auth_url
131132 username = CONF.identity.username
132133 password = CONF.identity.password
133134 project_name = CONF.identity.project_name
135136 project_domain_name = CONF.identity.project_domain_name
136137
137138 ctxt = keystone_password.KeystonePassword(
138 username=username, password=password,
139 auth_url=auth_url, username=username, password=password,
139140 project_name=project_name,
140141 user_domain_name=user_domain_name,
141142 project_domain_name=project_domain_name)
164165
165166 return keystone_token.KeystoneToken(
166167 token=auth.get_token(sess),
168 auth_url=auth_url,
167169 project_id=auth.get_project_id(sess))
3636
3737 # keystone token credential
3838 [key_manager]
39 auth_url = 'http://192.169.5.254:5000'
3940 auth_type = 'keystone_token'
4041 token = '5b4de0bb77064f289f7cc58e33bea8c7'
4142 project_id = 'a1e19934af81420d980a5d02b4afe9fb'
4243
4344 # keystone password credential
4445 [key_manager]
46 auth_url = 'http://192.169.5.254:5000'
4547 auth_type = 'keystone_password'
4648 username = 'admin'
4749 password = 'passw0rd1'
0 ---
1 deprecations:
2 - |
3 Config option barbican/auth_endpoint is unnecessary and deprecated in
4 favor of the more standard key_manager/auth_url.